Observations From the Front Lines of Threat Hunting: Overwatch 2019 Mid-Year Report

Company Name: CrowdStrike

The report details several of the sophisticated intrusions the team has encountered and provides insights into notable targeted, state-sponsored and criminal campaigns the team investigated during the first half of 2019. The report also includes information on key trends in adversary activity and offers recommendations for defending against the prevalent tools, techniques and procedures (TTPs) attackers are using.


Falcon OverWatch™ is the CrowdStrike® managed threat hunting service built on the CrowdStrike Falcon® platform. OverWatch provides deep and continuous human analysis on a 24×7 basis to relentlessly hunt for anomalous or novel attacker tradecraft designed to evade other detection techniques.

OverWatch comprises an elite team of cross-disciplinary specialists that harnesses the massive power of the CrowdStrike Threat Graph®, enriched with CrowdStrike threat intelligence, to continuously hunt, investigate and advise on sophisticated threat activity in customer environments. Armed with cloud-scale telemetry of over two trillion endpoint events collected per week, and detailed tradecraft on more than 120 adversary groups, OverWatch provides the unparalleled ability to see and stop the most sophisticated breaches.

This mid-year report provides a summary of OverWatch’s threat hunting findings from the first half of 2019. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. Because OverWatch specifically hunts for targeted intrusion adversaries, this report’s findings cover state-sponsored and targeted eCrime activity, not the full spectrum of attacks that are stopped by the CrowdStrike Falcon platform.
